Three Most In-Demand Cybersecurity Jobs

Uploaded on 2017-07-27 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

Cybersecurity roles rank among the most difficult to fill in the enterprise, with the talent gap in this field expected to reach 1.8 million jobs by 2022.

This is a major problem, as threats such as ransomware are at an all-time high, according to Stephen Zafarino, senior director of recruiting at Mondo, a US based national staffing agency specialising in niche IT, tech, and digital marketing talent.

"It definitely can be a challenge, demand is extremely high, and supply is very low, so it's a candidate's market," Zafarino said. "Companies see the benefit of making sure they are investing in the right talent from the best places, and are definitely paying a heavy price as a result."

The average salary for a cyber-security engineer is between $110,000 and $160,000, Zafarino said. And skilled candidates are more able to negotiate salary, benefits, and perks such as working remotely than in the past, he added.

Here are the three most in-demand cybersecurity jobs this year, according to Mondo:

1. Penetration testers

Ransomware is on the rise. After the Petya attack, Zafarino said he received "plenty of phone calls about how to achieve higher security, and who can come evaluate it."

Penetration testers are often a good way to do that, as they go into your system and find vulnerabilities. From there, they will either correct the issue, or offer a detailed report of the flaws in the system so a company can bring in cyber-security engineers or analysts to fix them, and make sure no outside source can break in.
 
2. Cyber-security engineers

Cybersecurity engineers often come from a technical background within development, usually with knowledge of Python and Java. "They are able to get behind the code, and take a deep dive in to see what performance issues might occur from vulnerabilities, and what tweaks they can make," Zafarino said. They also make sure employees are up to date on security best practices.

3. CISOs

The chief information security officer (CISO) helms a company's cybersecurity strategies. "With all of these changes happening, it's important for companies to make sure they have the right leadership in place, and bring in people who are experts in the field," Zafarino said.

In the past, a networking engineer or programmer might have handled cybersecurity on the side. Today, companies want an experienced CISO or security director to lead their efforts. "They are able to come in and give the right strategy because they have gone through the gambit and seen what happens," Zafarino said.

"They have worked their way up to the top, and know the needs and how to address issues and the best tech to use. They are true subject matter experts. Clients are making sure they have these people in place so they are getting the right strategy and staying ahead of the curb."

Companies are also looking for leaders who aren't afraid to point out issues and offer solutions to fix them. They also need to be future-minded, and always looking into how they will continuously grow their approach to security and add new functions, be they tools or employees.

Looking to the Future

Zafarino predicted that we will see these same positions in demand going forward into 2018. "We may see a heavier focus on engineering and analysts, and a lot of companies are probably going to be looking for designated leadership with cyber-security," he said. "They'll also be making sure the right infrastructure is in place, as companies are starting to realize that everyone is a potential threat and taking measures as a result."
 
However, with so few available cybersecurity engineers, many companies are taking inexperienced people and training them, Zafarino said.

"For lower-level professionals, companies need to consider if they want to pay a premium for an analyst to get every skillset they're looking for, or if they want to invest in trainings and seminars," Zafarino said. If you chose the latter, it's key to bring in a consultant for a short amount of time to help get the employee up to speed. "In the long term, that person is probably perfect, especially if you don't have the money at hand," he said. "If you do, you absolutely want to go with the more senior resource, and you can bring in lower-level people along the way."

Zafarino said he commonly sees two paths to becoming a cyber-security professional.

In the first, a person comes from a computer science background, and can usually command a higher salary.

In the second, a person comes from a networking or helpdesk background, and works their way up to systems administrator by taking basic security courses. Those tend to hold lower level security analyst positions, as opposed to security engineers, which usually have a computer science background.

If you need to fill a hole immediately, Zafarino recommended hiring a consultant, which may be more readily available and cost effective.

"Since the threats keep coming more frequently, if you're looking to hire somebody, you probably want to do it sooner rather than later," Zafarino said.

Tech Republic:

You Might Also Read:

Want A Career In Cybersecurity?:

Cybersecurity Threats Are Changing Recruitment:

« Trump Tells US Cyber Command To Get More Aggressive
Cybersecurity Is More Difficult Than 2 Years Ago »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CGI Group

CGI Group

CGI is a leading IT and business process services provider. Services include IT consulting, Systems Integration, Application Development, Infrastructure, Business Processes, Digital IP.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

Foresite

Foresite

Foresite is a global service provider, delivering a range of managed security and consulting solutions.

QA

QA

QA is a leading IT training provider in the UK with over 1,500 courses covering all areas of IT including Cyber Security.

Pentagon Group

Pentagon Group

Pentagon Group is a provider of security services in high-risk environments, remote areas and emerging markets in support of land-based, aviation, maritime and cyber operations.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

Stratum Security

Stratum Security

Stratum Security is an information security consulting company that focuses on providing clear and concise risk guidance to its clients through high quality assessment services.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

HMS Networks

HMS Networks

HMS stands for Hardware meets Software. Our technology enables industrial hardware to communicate and share information with software and systems.

QAlified

QAlified

QAlified offer independent testing and quality assurance services for software projects including security testing.

Mailinblack

Mailinblack

Mailinblack protects your organisation against email threats with an innovative solution that meets your security requirements.

Systal Technology Solutions

Systal Technology Solutions

Systal is a global managed network and security service and transformation specialist. We help enterprise-level businesses maximise the security and business value of their complex IT infrastructure.

Vantor

Vantor

Vantor is a Managed Security Services Provider (MSSP) that specializes in providing outsourced, managed cybersecurity services.

InfoSight

InfoSight

InfoSight offers proven Cyber Security, Regulatory Compliance, Risk Management and Infrastructure Solutions to protect your business and your customers from cyber crime and fraud.

Cyber Brain Academy

Cyber Brain Academy

At Cyber Brain Academy, our mission is to provide high-quality IT certification training for the cyber security workforce.